I vibecode an app that only I use and store data locally. That means my data never leaves my device, I never have to share my email with anyone, never have to enter my credit card info anywhere
You buy SaaS and you have to then login, share credit card info, and have your data stored in the cloud somewhere with godknows what security practices
That’s worth more than the cost of any tokens
I'm speaking more about fake SaaS "we have an app and we charge monthly for it and license it." Obviously, a tool with cloud-based storage and sharing will be a different beast.
But do you trust a vibe coded app to do cloud-based storage and sharing better than a company or an indie developer? If you need these functions (like sharing a todo list between two users), you have a lot more concerns than "does it boot".
But that's cheating because I do this stuff professionally. Would I trust a vibe coded Todo app my uncle's son Jimmy who smoke a lot of pot uses? I'm not saving my bank account number to it, but I'd have no problem using it for reminders that my aunt's birthday is coming up so I need to buy a gift. If it gets popular within in the family unit, uncle will have me talk to his son and take a deep look at it anyway, try and encourage Jimmy to go back to school and look for a job and all that stuff too.
Plus, theres nothing stopping the company and indie developer from vibecoding as well.
So much infrastructure is there to support doing "it" in the Cloud, for all definitions of "it." If we can vibe-code bespoke one-offs to solve our problems, a lot of that Cloud interaction goes away... And that stuff is expensive and complicated.
Hypothetically, open source app stores (I'm counting apt here) address this, but then it's someone else's solution to my problem, which doesn't quite fit my problem perfectly.
This approach to software engineering could be what 3D printing is to tangible artifacts (and I mean that including the limits of 3D printing regarding tangible artifacts, but even still.)
Especially with agents that slurp up files, have access to databases, etc. You're literally giving access to your computer, your network and your data to third parties and letting them run code.
(If there is a bug though which I would want to debug and if I were not a developer, then your concerns are more valid)
I’ve seen projects where testing is done in prod and also projects where API keys for some external services (e.g. Mapbox) are shared across prod and dev. Or cases where credentials end up in Git repos (edit: wrote GitHub originally, but meant typically non-public repos on any platform) due to ease of use and how inadequate secret management solutions can be.
Luckily that’s not the majority of projects, but I bet it happens a lot more elsewhere. Definitely a bunch for your average outsourced/freelance/scrappy/non-funded project.
Whether anyone will actually use your secrets or even code that’s sent to these large AI shops, though, that’s another question. You might as well question using GitHub cause it’s owned by M$.
What is valuable is the data you store in these things. Ergo, it makes more sense to vibecode these because the code is routine, but the data you save in them is worth protecting
I mean, if you vibecoded it you don't actually know that, do you?
Can’t do that with SaaS
Also, I’m baffled that on HN of all places, I have to actually defend the idea of rolling your own apps and protecting your data from cloud providers
